WFP is a set of Windows APIs and services that developers can use to interact with the network packet processing deep inside the Windows networking stack. This powerful capability is typically leveraged by firewalls and other security applications to monitor, block or modify network packets based on IP addresses, ports, originating processes and so on.
EDRSilencer creates WFP filters that target processes associated with common EDR tools. Agents supported by default include Microsoft Defender for Endpoint and Microsoft Defender Antivirus, Elastic EDR, Trellix EDR, Qualys EDR, SentinelOne, Cylance, Cybereason, Carbon Black EDR, Carbon Black Cloud, Tanium, Palo Alto Networks Traps/Cortex XDR, FortiEDR, Cisco Secure Endpoint (formerly Cisco AMP), ESET Inspect, HarfangLab EDR and TrendMicro Apex One.
If the EDR agent installed on a system is not on this list and is not automatically recognized, the user can pass the full path to the process whose network communication they want blocked. So, in theory, it can block network traffic for any program, not just EDR agents.
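
One way to detect the effect described above, as an added example that is not from the original article or from EDRSilencer: flag hosts where a single WFP filter keeps blocking outbound connections from a security agent process. It assumes Windows Security event 5157 is being collected (Audit Filtering Platform Connection, failure auditing) and parsed into dictionaries; the watched image names, the `Host` field and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from ntpath import basename

# Assumed agent image names for two products the article lists; extend per deployment.
WATCHED = {"mssense.exe": "Microsoft Defender for Endpoint",
           "msmpeng.exe": "Microsoft Defender Antivirus"}
OUTBOUND, INBOUND = "%%14593", "%%14592"  # direction codes as logged in event 5157

def find_silenced_agents(events, min_blocks=3):
    """Alert when one WFP filter repeatedly blocks a watched agent's outbound traffic."""
    hits = defaultdict(list)
    for ev in events:
        if ev.get("EventID") != 5157 or ev.get("Direction") != OUTBOUND:
            continue
        image = basename(ev.get("Application", "")).lower()  # strip \device\... prefix
        if image in WATCHED:
            hits[(ev["Host"], image, ev["FilterRTID"])].append(ev["DestAddress"])
    return [{"host": host, "agent": WATCHED[image], "filter_id": rtid,
             "blocked": len(dests), "destinations": sorted(set(dests))}
            for (host, image, rtid), dests in sorted(hits.items())
            if len(dests) >= min_blocks]

def _ev(host, image_path, direction, dest, rtid):
    """Build one constructed record shaped like a parsed event 5157."""
    return {"EventID": 5157, "Host": host, "Direction": direction,
            "Application": "\\device\\harddiskvolume3\\" + image_path,
            "DestAddress": dest, "DestPort": "443", "FilterRTID": rtid}

# Constructed sample data (documentation IP ranges), not taken from a real host.
SENSE = "program files\\windows defender advanced threat protection\\MsSense.exe"
SAMPLE_EVENTS = [
    _ev("WS01", SENSE, OUTBOUND, "203.0.113.10", 70001),
    _ev("WS01", SENSE, OUTBOUND, "203.0.113.11", 70001),
    _ev("WS01", SENSE, OUTBOUND, "203.0.113.10", 70001),
    _ev("WS01", SENSE, INBOUND, "203.0.113.10", 70001),            # inbound: ignored
    _ev("WS01", "windows\\system32\\svchost.exe", OUTBOUND, "198.51.100.7", 66000),
    _ev("WS02", "programdata\\defender\\MsMpEng.exe", OUTBOUND, "203.0.113.10", 70010),
]

if __name__ == "__main__":
    for alert in find_silenced_agents(SAMPLE_EVENTS):
        print(alert)
```

Because the tool accepts an arbitrary process path, the watch list should cover every telemetry-sending agent in the environment, not only the products named in the default list.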